AT&T has launched a new Account Lock feature designed to protect customers from SIM swapping attacks. The security tool, available through the myAT&T app, prevents unauthorized changes to customer accounts including phone number transfers, SIM card changes, billing information updates, device upgrades, and modifications to authorized users.

SIM swapping attacks occur when criminals obtain a victim's phone number through social engineering techniques, then intercept messages and calls to access two-factor authentication codes for sensitive accounts. The attacks have become increasingly common in recent years. AT&T began gradually rolling out Account Lock earlier this year, joining T-Mobile, Verizon, and Google Fi, which already offer similar fraud prevention features.

AT&T is buying CenturyLink's consumer fiber broadband division for $5.75 billion, "giving the internet provider another 1.1 million fiber customers in 11 states," reports Ars Technica. "The all-cash deal is expected to close during the first half of 2026 assuming the companies obtain regulatory approval. AT&T will gain new customers in Arizona, Colorado, Florida, Idaho, Iowa, Minnesota, Nebraska, Nevada, Oregon, Utah, and Washington." From the report: The deal will give AT&T room to grow its user base by more than the 1.1 million existing CenturyLink customers, as AT&T said the network areas being sold include over 4 million fiber-enabled locations. [...] The company, previously called CenturyLink, is officially named Lumen now but still uses the CenturyLink brand name for home Internet service. AT&T, which has 9.6 million (PDF) fiber customers and 14.1 million broadband customers overall, said the infrastructure it is purchasing will help it expand fiber construction to new locations as well.

The deal is also notable for what it doesn't include: Lumen's enterprise fiber customers and the old copper DSL lines that were never upgraded to fiber. [...] The deal seems unlikely to improve matters for CenturyLink copper users. [...] Lumen will retain the CenturyLink consumer copper broadband and voice services, but selling the consumer fiber business makes it clear that the telco isn't focused on residential customers. Lumen said that offloading consumer fiber lines will help sharpen its focus on selling services to large businesses. The company is maintaining its business fiber lines. [Ars notes that there are still nearly 1.4 million CenturyLink copper internet customers that will likely see service continue to degrade under Lumen's ownership.] "The transaction will enable AT&T to significantly expand access to AT&T Fiber in major metro areas like Denver, Las Vegas, Minneapolis-St. Paul, Orlando, Phoenix, Portland, Salt Lake City and Seattle, as well as additional geographies," AT&T said.

"AT&T will gain access to Lumen's substantial fiber construction capabilities within its incumbent local exchange carrier (ILEC) footprint and plans to accelerate the pace at which fiber is being built in these territories," AT&T said. "AT&T now expects to reach approximately 60 million total fiber locations by the end of 2030 -- "roughly doubling where AT&T Fiber is available today."

Sen. Ron Wyden (D-Ore.) revealed in a new letter to Senate colleagues Wednesday that AT&T, Verizon and T-Mobile failed to create systems for notifying senators about government surveillance on Senate-issued devices -- despite a requirement to do so. From a report: Phone service providers are contractually obligated to inform senators when a law enforcement agency requests their records, thanks to protections enacted in 2020. But in an investigation, Wyden's staff found that none of the three major carriers had created a system to send those notifications.

"My staff discovered that, alarmingly, these crucial notifications were not happening, likely in violation of the carriers' contracts with the [Senate Sergeant at Arms], leaving the Senate vulnerable to surveillance," Wyden said in the letter, obtained first by POLITICO, dated May 21. Wyden said that the companies all started providing notification after his office's investigation. But one carrier told Wyden's office it had previously turned over Senate data to law enforcement without notifying lawmakers, according to the letter.

Longtime Slashdot reader CyberSlugGump shares a support article from AT&T, writing: On June 17th, AT&T will stop supporting email-to-text messages. That means you won't be able to send a text message to an AT&T customer from an email address. You can still get in touch with AT&T customers using SMS (text), MMS, and standard email services.

An anonymous reader quotes a report from the EFF: EFF is deeply saddened to learn of the passing of Mark Klein, a bona fide hero who risked civil liability and criminal prosecution to help expose a massive spying program that violated the rights of millions of Americans. Mark didn't set out to change the world. For 22 years, he was a telecommunications technician for AT&T, most of that in San Francisco. But he always had a strong sense of right and wrong and a commitment to privacy. When the New York Times reported in late 2005 that the NSA was engaging in spying inside the U.S., Mark realized that he had witnessed how it was happening. He also realized that the President was not telling Americans the truth about the program. And, though newly retired, he knew that he had to do something. He showed up at EFF's front door in early 2006 with a simple question: "Do you folks care about privacy?"

We did. And what Mark told us changed everything. Through his work, Mark had learned that the National Security Agency (NSA) had installed a secret, secure room at AT&T's central office in San Francisco, called Room 641A. Mark was assigned to connect circuits carrying Internet data to optical "splitters" that sat just outside of the secret NSA room but were hardwired into it. Those splitters -- as well as similar ones in cities around the U.S. -- made a copy of all data going through those circuits and delivered it into the secret room. Mark not only saw how it works, he had the documents to prove it. He brought us over a hundred pages of authenticated AT&T schematic diagrams and tables. Mark also shared this information with major media outlets, numerous Congressional staffers, and at least two senators personally. One, Senator Chris Dodd, took the floor of the Senate to acknowledge Mark as the great American hero he was.

AT&T and Verizon have successfully completed their first cellphone-to-satellite video calls using AST SpaceMobile's satellites, marking a significant step toward commercial satellite networks. The Verge reports: Verizon has completed its first cellphone-to-satellite video call, while AT&T has completed its first using satellites that will be used as part of a commercial network. [...] Verizon pulled off "a live video call between two mobile devices with one connected via satellite and the other connected via Verizon's terrestrial network connection," according to a company press release.

In AT&T's case, "AT&T and AST SpaceMobile have successfully completed another video call by satellite to an everyday smartphone over AT&T spectrum," per AT&T's press release. Both phone companies relied on AST's constellation of five BlueBird satellites that were launched last September for the tests. AT&T's initial video call test happened in June 2023.

Cameron John Wagenius pleaded guilty to hacking AT&T and Verizon and stealing a massive trove of phone records from the companies, according to court records filed on Wednesday. From a report: Wagenius, who was a U.S. Army soldier, pleaded guilty to two counts of "unlawful transfer of confidential phone records information" on an online forum and via an online communications platform.

According to a document filed by Wagenius' lawyer, he faces a maximum fine of $250,000 and prison time of up to 10 years for each of the two counts. Wagenius was arrested and indicted last year. In January, U.S. prosecutors confirmed that the charges brought against Wagenius were linked to the indictment of Connor Moucka and John Binns, two alleged hackers whom the U.S. government accused of several data breaches against cloud computing services company Snowflake, which were among the worst hacks of 2024.

Ars Technica's Jon Brodkin reports: AT&T has stopped offering its 5G home Internet service in New York instead of complying with a new state law that requires ISPs to offer $15 or $20 plans to people with low incomes. New York started enforcing its Affordable Broadband Act yesterday after a legal battle of nearly four years. [...] The law requires ISPs with over 20,000 customers in New York to offer $15 broadband plans with download speeds of at least 25Mbps, or $20-per-month service with 200Mbps speeds. The plans only have to be offered to households that meet income eligibility requirements, such as qualifying for the National School Lunch Program, Supplemental Nutrition Assistance Program, or Medicaid. [...]

Ending home Internet service in New York is relatively simple for AT&T because it is outside the 21-state wireline territory in which the telco offers fiber and DSL home Internet service. "AT&T Internet Air is currently available only in select areas and where AT&T Fiber is not available. New York is outside of our wireline service footprint, so we do not have other home Internet options available in the state," the company said. AT&T will continue offering its 4G and 5G mobile service in New York, as the state law only affects home Internet service. People with smartphones or other mobile devices connected to the AT&T wireless network should thus see no change.

Existing New York-based users of AT&T Internet Air can only keep it for 45 days and won't be charged during that time, AT&T said. "During this transition, customers will be able to keep their existing AT&T Internet Air service for up to 45 days, at no charge, as they find other options for broadband. We will work closely with our customers throughout this transition," AT&T said. Residential users will be sent "a recovery kit with instructions on how to return their AIA equipment, while business customers can keep any device they purchased at no charge," AT&T said.

An anonymous reader quotes a report from Ars Technica: AT&T, following last year's embarrassing botched update that kicked every device off its wireless network and blocked over 92 million phone calls, is now promising full-day bill credits to mobile customers for future outages that last at least 60 minutes and meet certain other criteria. A similar promise is being made to fiber customers for unplanned outages lasting at least 20 minutes, but only if the customer uses an AT&T-provided gateway. The "AT&T Guarantee" announced today has caveats that can make it possible for a disruption to not be covered. AT&T says the promised mobile bill credits are "for wireless downtime lasting 60 minutes or more caused by a single incident impacting 10 or more towers."

The full-day bill credits do not include a prorated amount for the taxes and fees imposed on a monthly bill. The "bill credit will be calculated using the daily rate customer is charged for wireless service only (excludes taxes, fees, device payments, and any add-on services," AT&T said. If an outage lasts more than 24 hours, a customer will receive another full-day bill credit for each additional day. If only nine or fewer AT&T towers aren't functioning, a customer won't get a credit even if they lose service for an hour. The guarantee kicks in when a "minimum 10 towers [are] out for 60 or more minutes resulting from a single incident," and the customer "was connected to an impacted tower at the time the outage occurs," and "loses service for at least 60 consecutive minutes as a result of the outage."

The guarantee "excludes events beyond the control of AT&T, including but not limited to, natural disasters, weather-related events, or outages caused by third parties." AT&T says it will determine "in its sole discretion" whether the disruption is "a qualifying" network outage. "Consumers will automatically receive a bill credit equaling a full day of service and we'll reach out to our small business customers with options to help make it right," AT&T said. When there's an outage, AT&T said it will "notify you via e-mail or SMS to inform you that you've been impacted. Once the interruption has been resolved, we'll contact you with details about your bill credit." If AT&T fails to provide the promised credit for any reason, customers will have to call AT&T or visit an AT&T store.

To qualify for the similar fiber-outage promise, "customers must use AT&T-provided gateways," the firm said. There are other caveats that can prevent a home Internet customer from getting a bill credit. AT&T said the fiber-outage promise "excludes events beyond the control of AT&T, including but not limited to, natural disasters, weather-related events, loss of service due to downed or cut cable wires at a customer residence, issues with wiring inside customer residence, and power outages at customer premises. Also excludes outages resulting from planned maintenance." AT&T notes that some residential fiber customers in multi-dwelling units "have an account with AT&T but are not billed by AT&T for Internet service." In the case of outages, these customers would not get bill credits but would be given the option to redeem a reward card that's valued at $5 or more.

An anonymous reader quotes a report from KrebsOnSecurity: Federal authorities have arrested and indicted a 20-year-old U.S. Army soldier on suspicion of being Kiberphant0m, a cybercriminal who has been selling and leaking sensitive customer call records stolen earlier this year from AT&T and Verizon. As first reported by KrebsOnSecurity last month, the accused is a communications specialist who was recently stationed in South Korea. Cameron John Wagenius was arrested near the Army base in Fort Hood, Texas on Dec. 20, after being indicted on two criminal counts of unlawful transfer of confidential phone records. The sparse, two-page indictment (PDF) doesn't reference specific victims or hacking activity, nor does it include any personal details about the accused. But a conversation with Wagenius' mother -- Minnesota native Alicia Roen -- filled in the gaps.

Roen said that prior to her son's arrest he'd acknowledged being associated with Connor Riley Moucka, a.k.a. "Judische," a prolific cybercriminal from Canada who was arrested in late October for stealing data from and extorting dozens of companies that stored data at the cloud service Snowflake. In an interview with KrebsOnSecurity, Judische said he had no interest in selling the data he'd stolen from Snowflake customers and telecom providers, and that he preferred to outsource that to Kiberphant0m and others. Meanwhile, Kiberphant0m claimed in posts on Telegram that he was responsible for hacking into at least 15 telecommunications firms, including AT&T and Verizon. On November 26, KrebsOnSecurity published a story that followed a trail of clues left behind by Kiberphantom indicating he was a U.S. Army soldier stationed in South Korea.

[...] Immediately after news broke of Moucka's arrest, Kiberphant0m posted on the hacker community BreachForums what they claimed were the AT&T call logs for President-elect Donald J. Trump and for Vice President Kamala Harris. [...] On that same day, Kiberphant0m posted what they claimed was the "data schema" from the U.S. National Security Agency. On Nov. 5, Kiberphant0m offered call logs stolen from Verizon's push-to-talk (PTT) customers -- mainly U.S. government agencies and emergency first responders. On Nov. 9, Kiberphant0m posted a sales thread on BreachForums offering a "SIM-swapping" service targeting Verizon PTT customers. In a SIM-swap, fraudsters use credentials that are phished or stolen from mobile phone company employees to divert a target's phone calls and text messages to a device they control.

Lost deliveries, shipping delays and theft on the front porch have become such growing problems that companies are making consumers pay for package protection. From a report: Tens of thousands of online retailers now offer the service for a few dollars per order. The fees go to young companies -- Route and Corso, to name two -- that promise to make customers whole without charging the merchant if a delivery doesn't arrive. Consumers are finding that retailers either ask them to pay for package protection or draw a harder line when it comes to replacing a missing item. Some retailers are making the fees mandatory, spreading the burden of package theft among all customers.

To know whether you are paying the fee, review your order before you press purchase. Sometimes it is named after the company offering protection, and sometimes it is called shipping insurance or package protection. Skincare brand Topicals began using Corso two years ago after seeing 30% of its packages were regularly marked delivered but not received, according to customer insights manager Deja Jefferson. By requiring protection, which Topicals discloses on its shipping page, the company doesn't have to worry about convincing customers to opt in. "We actually don't get any complaints on it whatsoever," she said. Further reading: Porch Pirates Steal So Many Packages That Now You Can Get Insurance.

Bruce Perens, original co-founder of the Open Source Initiative, has responded to questions from Slashdot readers about a new alternative he's developing that hopefully helps "Post Open" developers get paid.

But first, "One of the things that's clear from the Slashdot patter is that people are not aware of what I've been doing, in general," Perens says. "So, let's start by filling that in..."

Read on for the rest of his wide-ranging answers....

An anonymous reader quotes a report from KrebsOnSecurity: Two men have been arrested for allegedly stealing data from and extorting dozens of companies that used the cloud data storage company Snowflake, but a third suspect -- a prolific hacker known as Kiberphant0m -- remains at large and continues to publicly extort victims. However, this person's identity may not remain a secret for long: A careful review of Kiberphant0m's daily chats across multiple cybercrime personas suggests they are a U.S. Army soldier who is or was recently stationed in South Korea.

Kiberphant0m's identities on cybercrime forums and on Telegram and Discord chat channels have been selling data stolen from customers of the cloud data storage company Snowflake. At the end of 2023, malicious hackers discovered that many companies had uploaded huge volumes of sensitive customer data to Snowflake accounts that were protected with nothing more than a username and password (no multi-factor authentication required). After scouring darknet markets for stolen Snowflake account credentials, the hackers began raiding the data storage repositories for some of the world's largest corporations. Among those was AT&T, which disclosed in July that cybercriminals had stolen personal information, phone and text message records for roughly 110 million people. Wired.com reported in July that AT&T paid a hacker $370,000 to delete stolen phone records.

On October 30, Canadian authorities arrested Alexander Moucka, a.k.a. Connor Riley Moucka of Kitchener, Ontario, on a provisional arrest warrant from the United States, which has since indicted him on 20 criminal counts connected to the Snowflake breaches. Another suspect in the Snowflake hacks, John Erin Binns, is an American who is currently incarcerated in Turkey. Investigators say Moucka, who went by the handles Judische and Waifu, had tasked Kiberphant0m with selling data stolen from Snowflake customers who refused to pay a ransom to have their information deleted. Immediately after news broke of Moucka's arrest, Kiberphant0m was clearly furious, and posted on the hacker community BreachForums what they claimed were the AT&T call logs for President-elect Donald J. Trump and for Vice President Kamala Harris. [...] Also on Nov. 5, Kiberphant0m offered call logs stolen from Verizon's push-to-talk (PTT) customers -- mainly U.S. government agencies and emergency first responders. Kiberphant0m denies being in the U.S. Army and said all these clues were "a lengthy ruse designed to create a fictitious persona," reports Krebs.

"I literally can't get caught," Kiberphant0m said, declining an invitation to explain why. "I don't even live in the USA Mr. Krebs." A mind map illustrates some of the connections between and among Kiberphant0m's apparent alter egos.

U.S. Cellular has agreed to sell $1.02 billion worth of spectrum licenses to AT&T as part of its strategy to monetize its spectrum assets that were not included in an earlier $4.4 billion deal with T-Mobile. Reuters reports: Last month, U.S. Cellular agreed to sell select spectrum licenses for $1 billion to Verizon. It also signed deals with two other mobile network operators, but did not disclose the details. The latest agreement "adds a fourth mobile network operator, in addition to T-Mobile, to the list of those whose subscribers will benefit from the sale of our spectrum licenses," U.S. Cellular CEO Laurent Therivel said on Thursday. From a press release: Following this transaction, as well as those previously announced, UScellular will have reached definitive agreements to monetize approximately 55%, measured on a MHz-Pops basis, of the spectrum holdings (excluding mmWave) that were excluded from the proposed sale to T-Mobile, for a total consideration of approximately $2.02 billion. Including the proposed T-Mobile transaction, UScellular will have reached agreements to monetize approximately 70% of its total spectrum holdings (excluding mmWave), measured on a MHz-Pops basis.

"After our proposed sales, we will be left with 1.86 billion MHz-Pops of low and mid-band spectrum, as well as 17.2 billion MHz-Pops of mmWave spectrum, with the substantial majority of retained value in the C-band spectrum," [said Laurent C. Therivel, President and CEO]. "The C-band licenses have a number of attributes that we believe are favorable to their long-term value. First, our C-band licenses are positioned in an attractive mid-band frequency that can deliver outstanding speed and capacity. Second, there is a substantial 5G ecosystem of equipment vendors and existing infrastructure that uses C-band. Finally, they have a lengthy build-out timeline, with first and second build-out dates of 2029 and 2033, respectively. This provides ample time and optionality for us to either monetize or deploy the spectrum in the future. We will continue to look for ways to opportunistically monetize the C-band, as well as the other remaining spectrum."

AT&T has signed a $1 billion multi-year deal with Corning to acquire fiber and connectivity solutions. Reuters reports: With the U.S. wireless market facing a slowdown, telecom companies such as AT&T and rival Verizon have doubled down on their high-speed internet businesses, an area that has long been dominated by broadband companies such as Comcast. Demand has also been growing for AT&T's plans that allow customers to combine its high-speed fiber data with its wireless phone service for a discount. In the third quarter, AT&T reported 28.3 million fiber passings, or the number of potential customer locations a fiber network passes by. It remains on track to pass more than 30 million fiber passings by the end of 2025.

An anonymous reader shares a report: T-Mobile promised users who bought certain mobile plans that it would never raise their prices for as long as they lived -- but then raised their prices this year. So it's no surprise that 2,000 T-Mobile customers complained to the government about a price hike on plans that were advertised as having a lifetime price lock. "I am still alive and T-Mobile is increasing the price for service by $5 per line. How is this a lifetime price lock?" one customer in Connecticut asked the Federal Communications Commission in a complaint that we obtained through a public records request.

"I am not dead yet," a customer in New York wrote bluntly, saying they had bought a plan with a "guarantee for life." Both of those customers said they purchased T-Mobile's senior plan marketed to people aged 55 and up. While the price hikes apply to customers on various plans regardless of their age, many of the complaints to the FCC came from people in the 55+ age group. Some pointed out that if T-Mobile simply waits long enough, the carrier won't have to serve 55-and-up customers forever.

An anonymous reader writes: T-Mobile and AT&T say US regulators should drop a plan to require unlocking of phones within 60 days of activation, claiming that locking phones to a carrier's network makes it possible to provide cheaper handsets to consumers. "If the Commission mandates a uniform unlocking policy, it is consumers -- not providers -- who stand to lose the most," T-Mobile alleged in an October 17 filing with the Federal Communications Commission. The proposed rule has support from consumer advocacy groups who say it will give users more choice and lower their costs.

T-Mobile has been criticized for locking phones for up to a year, which makes it impossible to use a phone on a rival's network. T-Mobile claims that with a 60-day unlocking rule, "consumers risk losing access to the benefits of free or heavily subsidized handsets because the proposal would force providers to reduce the line-up of their most compelling handset offers." If the proposed rule is enacted, "T-Mobile estimates that its prepaid customers, for example, would see subsidies reduced by 40 percent to 70 percent for both its lower and higher-end devices, such as the Moto G, Samsung A15, and iPhone 12," the carrier said. "A handset unlocking mandate would also leave providers little choice but to limit their handset offers to lower cost and often lesser performing handsets." In July, the FCC approved a Notice of Proposed Rulemaking (NPRM) for the unlocking policy in a 5-0 vote.

The FCC is proposing "to require all mobile wireless service providers to unlock handsets 60 days after a consumer's handset is activated with the provider, unless within the 60-day period the service provider determines the handset was purchased through fraud."

The first 5G Internet of Things (IoT) devices are launching soon. According to Fierce Wireless, T-Mobile plans to launch its first RedCap devices by the end of the year, while AT&T's devices are expected sometime in 2025. From the report: All of this should pave the way for higher performance 5G gadgets to make an impact in the world of IoT. RedCap, which stands for reduced capabilities, was introduced as part of the 3GPP's Release 17 5G standard, which was completed -- or frozen in 3GPP terms -- in mid-2022. The specification, which is also called NR-Light, is the first 5G-specific spec for IoT.

RedCap promises to offer data transfer speeds of between 30 Mbps to 80 Mbps. The RedCap spec greatly reduces the bandwidth needed for 5G, allowing the signal to run in a 20 MHz channel rather than the 100 MHz channel required for full scale 5G communications.

"A cyberattack tied to the Chinese government penetrated the networks of a swath of U.S. broadband providers," reports the Wall Street Journal, "potentially accessing information from systems the federal government uses for court-authorized network wiretapping requests.

"For months or longer, the hackers might have held access to network infrastructure used to cooperate with lawful U.S. requests for communications data, according to people familiar with the matter, which amounts to a major national security risk." The attackers also had access to other tranches of more generic internet traffic, they said. Verizon Communications, AT&T and Lumen Technologies are among the companies whose networks were breached by the recently discovered intrusion, the people said.

The widespread compromise is considered a potentially catastrophic security breach and was carried out by a sophisticated Chinese hacking group dubbed Salt Typhoon. It appeared to be geared toward intelligence collection, the people said... The surveillance systems believed to be at issue are used to cooperate with requests for domestic information related to criminal and national security investigations. Under federal law, telecommunications and broadband companies must allow authorities to intercept electronic information pursuant to a court order. It couldn't be determined if systems that support foreign intelligence surveillance were also vulnerable in the breach...

The hackers appear to have engaged in a vast collection of internet traffic from internet service providers that count businesses large and small, and millions of Americans, as their customers. Additionally, there are indications that the hacking campaign targeted a small number of service providers outside the U.S., the people said. A person familiar with the attack said the U.S. government considered the intrusions to be historically significant and worrisome... "It will take time to unravel how bad this is, but in the meantime it's the most significant in a long string of wake-up calls that show how the PRC has stepped up their cyber game," said Brandon Wales, former executive director at the Cybersecurity and Infrastructure Security Agency and now a vice president at SentinelOne, referring to the People's Republic of China. "If companies and governments weren't taking this seriously before, they absolutely need to now."
Three weeks ago TechCrunch also reported that the FBI "took control of a botnet made up of hundreds of thousands of internet-connected devices, such as cameras, video recorders, storage devices, and routers, which was run by a Chinese government hacking group, FBI director Christopher Wray and U.S. government agencies revealed Wednesday.

The Register's Simon Sharwood reports: AT&T has claimed that Broadcom made it an offer to increase prices by 1,050 percent, and may be influencing other vendors to make a migration harder. The claim of the colossal price hike came in an email [PDF] filed in evidence by AT&T in its case alleging Broadcom hasn't honored a contract that would allow the carrier to acquire an additional two years of support services for its VMware estate. The email was penned by AT&T executive vice president and general manager Susan A Johnson and appears to be addressed to Broadcom CEO Hock Tan.

"After a 10 plus year strategic relationship with Broadcom ... I am sad to report that we appear to be at an impasse on our VMware deal," Johnson wrote on August 19. "The latest offer that we have received would put us at an average of $REDACTED per year for a 5 year deal, where we currently pay $REDACTED per year to support previously purchased perpetual licenses with a right to renew support through September, 2026. This proposed annual increase of +1,050 percent in one year is extreme and certainly not how we expect strategic partners to engage in doing business with AT&T."